creating user on SUSE Linux

Hi

I need to create a user who has access to only one folder.
For example, I created a user "test". He should have access only to the folder
/testfolder.

The problem is that the user will mostly use FileZilla to ftp his files in the testfolder.

In FileZilla, I want him to be unable to read any folder other than his own, that is /testfolder. He should not be able to access any other folders under /.

Can anyone guide me?

Thx

If you're root, or if you have root access, you can change the file or folder permissions
using chmod ..... so other users aren't able to read them.

I don't think I have quite understood what you meant, but

must I change all rights on all the other folders to stop the testuser from accessing them?

Is there not a way to grant the group "testuser", in which test is a user, access only to the testuser folder?

A lot depends on your FTP server. I think proftpd will let you restrict a user to one particular directory. You might even be able to arrange a chroot jail.

The thing is, a user needs to ftp his files into a particular folder. I just don't want him to mess with other files.
Creating a chroot jail (I'm a bit new to SUSE Linux) might be a problem for me. On that same server I have Oracle / WebLogic and all.

That's why I want to do it a simple way.

Like, for example, the group "testuser" should SEE ONLY its folder.

It seems he cannot delete files not owned by him.. that's fine. But he can still create new files in directories owned by root, for instance.

Any ideas?

I repeat: A lot depends on your FTP server. (What is it?) I think proftpd will let you restrict a user to one particular directory, and might even be able to arrange a chroot jail.

That would be highly secure -- as far as his login would be concerned, directories above the one he's chrooted into simply wouldn't exist. If you want to restrict him to one and only one directory and not even know others exist, chroot is what you want.

But, doing that depends on your FTP server.

Being able to create files in directories owned by root is normal if the directory is world-writable or he belongs to a group which is allowed to write to it. WARNING -- if he is able to create files in a directory, he may be able to delete files owned by anyone there as well! This is because file deletion is controlled by directory write permissions, not file ownership. (There are some obscure options in some filesystems to change this behavior.) An example in my home directory:

$ sudo touch something
Password:
$ ls -l something
-rw-r--r-- 1 root root 0 Aug  9 10:34 something
$ rm something
rm: remove write-protected regular empty file `something'? y
$

Make sure he doesn't belong to any groups he doesn't need to belong to.

I have succeeded in creating a chroot jail.

chroot /testccs .. it works

clientsyslogng:/ # chroot /testccs
bash-3.1# ls

Now can you please explain to me how to attach a user login to it?

For example, when testuser logs in, he should log in into /test (home directory).

The FTP server isn't going to do real user logins. If you want a chroot for an FTP user it's the FTP server's job.

For the third time:

A lot depends on your FTP server. What is your FTP server?

I don't think I quite understood what you meant by FTP server.

But I use sftp / sshd.

sftp is not ftp; a one-letter difference changes the problem significantly. :wink: A chroot may still be possible but I'll need to research how.

---------- Post updated at 02:01 PM ---------- Previous update was at 01:27 PM ----------

Here are several solutions for chrooting sftp users.

Thanks.. at least some light at the end of the tunnel :D

Well, as I said earlier,

I have already set up a chroot jail.

But I'm not adding a user to the jail properly, because he can still view other folders.

Maybe I'm not able to create a shell for him.

You might want to start over and follow their instructions. Setting up a chroot can be tricky.

I have set up a jail following a tutorial I found on the net:
int main ( void ) - chroot shell tutorial

It looks good..

But when I execute
sudo /usr/bin/chroot /home/luser /bin/su - luser (which is part of the steps)

I get

/bin/su: incorrect password

:(

Any ideas?

It probably means what it says: incorrect password. On the other hand, this dangerous (imho) tutorial has you editing /etc/passwd by hand, so it's also possible you made a mistake in editing it, or their hand-done changes are incorrect or incompatible with your login system. It's better to use usermod to change a user's setup...

One thing I don't see it doing is adding the login wrapper to /etc/shells, if /etc/shells exists on your system it's probably necessary to add it.

Be sure to complete all steps of the tutorial, including the changes to sudoers.

Well, I have added /bin/chrootshell to /etc/shells.

I have checked the sudoers file; I have added the user there:

luser ALL= NOPASSWD: /usr/bin/chroot, /bin/su - luser

I still have the same problem.

:( :( :(

You have substituted the username you wanted for "luser", yes? Or if you created a new "luser", did you give it a password? If you created a new luser, how did you do so?

useradd -d /tmp -s /bin/chrootshell luser

passwd luser

and I gave a password.

I followed the steps in the tutorial.

That's weird.

These instructions are faulty or obsolete, I think. They are five years old, and very rough, and prone to break over minor changes in the login system.

The link someone replied to it with looks more promising. sftp-only chroot jail. It also says openssh v5 and newer supports chroot natively, something I didn't know.

Well, I used a script (attached) which I found on the internet and which seems to work perfectly. It creates the user and it locks him to his home directory.
Remember, the user needs to be able to log in. He will be logging in through an application, FileZilla, to sftp.

But I tried to create the jail manually because I need to understand what is really happening. The jail gets created, but when it comes to su - user
it gets the error

/bin/su : incorrect password

I don't know if I'm missing a library.. I'm tired of it now..

I still suspect the passwd files inside your chroot.

How about not using random tutorials and suspicious scripts dredged from the internet and trying openssh's built-in chroot feature instead? That will probably work a lot better.
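
The built-in OpenSSH chroot recommended in the last reply, sketched as an added example that is not part of the original thread or any poster's script. It assumes the user "test" and directory /testfolder from the question plus a hypothetical writable subdirectory "upload", and it checks the rule that most often breaks this setup: sshd refuses the login unless every component of the ChrootDirectory path is root-owned and not writable by group or others.

```shell
#!/bin/sh
# Added example, not from the thread. Names taken from the question: user
# "test", jail /testfolder. The "upload" subdirectory is hypothetical.

# Print the sshd_config stanza that locks one user into an sftp-only chroot.
# Append the output to /etc/ssh/sshd_config and reload sshd.
sftp_jail_stanza() {
    cat <<EOF
Match User $1
    ChrootDirectory $2
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# True only if $1 is a real directory (not a symlink) owned by uid $2 and
# not writable by group or others. $2 defaults to 0 (root), which is what
# sshd demands; it is a parameter only so the check can be dry-run.
jail_dir_ok() {
    [ -n "$(find "$1" -maxdepth 0 -type d -uid "${2:-0}" \
        ! \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Walk from the jail up to / and report the first component that fails.
jail_path_ok() {
    case $1 in /*) ;; *) return 1 ;; esac   # absolute paths only
    p=$1
    while :; do
        jail_dir_ok "$p" "${2:-0}" || { echo "unsafe component: $p" >&2; return 1; }
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Typical preparation, run as root (the user writes only inside upload/):
#   chown root:root /testfolder && chmod 755 /testfolder
#   mkdir /testfolder/upload && chown test /testfolder/upload
sftp_jail_stanza test /testfolder
jail_path_ok /testfolder || echo "fix ownership and modes before reloading sshd"
```

Because the jail root itself cannot be writable by the user, FileZilla uploads go into the subdirectory; no shell, libraries or passwd copy are needed inside the jail when ForceCommand internal-sftp is used.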